Method and apparatus for ws-policy based web service controlling

ABSTRACT

Apparatus and method for WS-Policy based web service controlling. The apparatus includes: a service policy repository for storing a plurality of Web Service policies; a service policy agent for receiving a request for a Web Service policy from a service consumer and for obtaining conditioning information that influences the Web Service policy; and a service policy conditioner for selecting corresponding Web Service policy from the service policy repository in accordance with the conditioning information. The service policy agent sends the Web Service policy to the service consumer. The Web Service policy-based service differentiation method decouples the service differentiation mechanism from the service provision and service invocation mechanism and can provide policy support in accordance with other nonfunctional conditions besides service functions.

FIELD OF THE INVENTION

The present invention relates to the field of Web Services (WS) and,more particularly, to a method and an apparatus for WS-Policy based webservice controlling.

BACKGROUND

Web service is a distributed computing environment, whose basic idea isto implement distributed software development, software engineering andsoftware using on the Internet by using open standard techniques. Here,“service” means all kinds of software distributed on the Internet, andeither an entity user or an individual user can invoke service softwareexisting on the Internet by using Web service techniques to constitutetheir own application software in accordance with service needs.Application software of different entities can invoke each other withWeb service techniques to support applications, such as e-business,client relationship model, etc. and so do the application software ofentities and clients. Although the meaning of Web service is totallydifferent from that of common Web that can only provide data service,the adopted protocol and interface thereof still fall into Webtechniques that have been put into extensive use.

The basic technique of Web service lies in XML that is an extensiblemarkup language defined by W3C to describe data. Different fromHypertext Markup Language (HTML), XML merely describes data contents perse without involving display of data, and thus it can be used todescribe any content in broad sense. In Web service, it is XML that isused to describe remote invocation operations and implementation resultsthereof. The description is loaded in Simple Object Access Protocol(SOAP), and SOAP messages are usually transferred in the most commonHTTP. Since XML text description is irrelevant to implementation,platforms that adopt different operating systems and differentprogramming languages can interact with each other via Web service. Thedistribution and description of Web Service per se is also implementedusing XML.

Web Service policy describes the requirements and abilities of a webservice in its interactions with other web services or consumers, whichis important to Service Level Agreement (SLA). The Web Services Policy(WS-Policy) Framework defined by IBM, BEA, Microsoft, etc., is the defacto standard for Web Service policy. It provides a general purposemodel and corresponding syntax to describe the policies of a Webservice. WS policy defines a set of base constructs that can be used andextended by other Web services specifications to describe a broad rangeof service requirements and capabilities. Based on WS policy, a standardset has been defined for different perspectives of system includingWS-RM policy, WS-Security policy, WS-Atomic transactions, WS policyassertions, etc. Users can also define policy languages based on WSpolicy and related standards for their requests. Web Service policy is astandard protocol that can be easily extended and can be used to performother functions.

In general, a Web service provider will disclose a policy to presentconditions for service provisioning. The service provider defines andpublishes a set of options in policy statements in different ways, suchas via a service registration center (e.g. UDDI) or embedded in WSDL. Aservice consumer can use the policy to decide whether and how to use theservice. Further, the service consumer can select any substitute optionin the policy statements because each substitute option is an effectiveconfiguration capable of interacting with the service. Generally, theservice consumer or other policy enforcement point choose an option inthe policy statements and aggregate it with local policy statement togenerate the effective policy that will be enforced during communicationwith the service provider.

Such a mechanism provides flexibility for the provider who providesclient side application selection service. In this mechanism, after theservice provider exposes all its acceptable options, the choice isactually in the requester's hand, and the service provider cannotcontrol the service requester to choose which option. Thus, a certainpolicy option might be used by many requesters, while other options areseldom or hardly chosen, so that the load of the service provider is notbalanced. For example, after the resource of a certain policy option isexhausted, if requesters still request the service provider to provideservice in accordance with the policy option, then the service providercannot provide service in accordance with the option. Meanwhile, if arequester requests other service, the service provider has resources toprovide service in accordance with the option. Therefore, there is aneed for a mechanism to enable a service provider to dynamically decidethe disclosure of service policy in accordance with conditions, so as toprevent service consumers from blindly choosing service policy.

Another demand for Web service is to provide service differentiation.Efforts have been made by industry and academy to enable Web servicedifferentiation. However, these methods are derived by extending IPdifferentiated service, and focus on service implementation itself andnetwork transportation layer, such as a Web server.

SUMMARY

According to an aspect of the present invention, an apparatus isprovided for WS-Policy based web service controlling, comprising: aservice policy repository for storing a plurality of Web Servicepolicies; a service policy agent for receiving a request for a WebService policy from a service consumer and for obtaining conditioninginformation that influences the Web Service policy; and a service policyconditioner for selecting corresponding Web Service policy from theservice policy repository in accordance with the conditioninginformation, wherein the service policy agent sends the Web Servicepolicy to the service consumer.

According to another aspect of the present invention, provided is a Webservice provider including the above apparatus for WS-Policy based webservice controlling.

According to a further aspect of the present invention, a Web Servicepolicy registration center is provided including the above apparatus forWS-Policy based web service controlling.

According to a still further aspect of the present invention, a methodfor WS-Policy based web service controlling is provided, comprising thesteps of: receiving a request for a Web Service policy from a serviceconsumer; in response to the request, obtaining conditioning informationthat influences the service; selecting a Web Service policycorresponding to the conditioning information from a policy repository;and sending the Web Service policy to the service consumer.

According to a still further aspect of the present invention,machine-readable storage means is provided on which a computer programis stored, the computer program having a plurality of machine-executablecode parts to enable the machine to perform the steps of: receiving arequest for a Web Service policy from a service consumer; in response tothe request, obtaining conditioning information that influences theservice; selecting a Web Service policy corresponding to theconditioning information from a policy repository; and send the WebService policy to the service consumer.

BRIEF DESCRIPTION ON THE DRAWINGS

The accompanying drawings illustrate embodiments of the invention and,together with the description, serve to explain the principles of theinvention. In the drawings:

FIG. 1 is a schematic view of a data processing environment in whichpreferred embodiments of the present invention can be appliedadvantageously;

FIG. 2 is a block diagram of an apparatus for WS-Policy based webservice controlling according to an embodiment of the present invention;and

FIG. 3 is a flowchart of a method for WS-Policy based web servicecontrolling according to an embodiment of the present invention.

Like elements and components are designated with like numeralsthroughout the drawings, and repeated description thereof is omitted.

DETAILED DESCRIPTION

FIG. 1 is a block diagram of a data processing environment in whichpreferred embodiments of the present invention can be appliedadvantageously. In FIG. 1, a client/server data processing host 10 isconnected to client/server data processing hosts 12 and 13 via a network11, e.g. the Internet. For example, a Web client program is run on host10, and Web service on host 12 is accessed via a gateway server on host13. Client/server 10 has a processor 101 for running a programcontrolling the operation of client/server 10, a RAM volatile storageelement 102, a nonvolatile memory 103, and a network connector 104 forconnecting to network 11 to communicate with other clients/servers 12and 13.

In the present invention, a preferred way of describing service policyis to adopt Service Policy Profile (SPP) mechanism. SPP defines a set ofWeb Service policies and describes the abilities and requirements of aWeb service. Generally speaking, SPP can be denoted in the form of XMLfile, an SPP file describes a set of service policies, including e.g. RM(reliable message), TX (transaction), RT (response time) and Sec(security) policy parameters to represent reliable message, transaction,response time and security policy parameters, respectively. Another setof service policies can be described using another SPP file. Before aservice consumer activates a Web service, he(she) can request SPP andactivate the Web service in accordance with the policy in SPP. SPP canbe stored in any form. For example, SPP can be a separate XML file.Those skilled in the art should understand that using SPP to describeservice policy is merely an embodiment, and other forms, such as textfiles and other forms agreed between the service provider and theservice consumer, can also be directly used to describe service policy.

Further, service policy can also be embedded in the service metadatadescribing service and is obtained while the service consumer requeststhe service metadata. For example, according to Web Service PolicyAttachment (WS-Policy Attachment), Web Service policy can be attached toa service registration center (e.g. UDDI) entity to be associated withWeb service body. Also, Web Service policy can be embedded in WSDL, XSDor DTD metadata. When the service consumer requests a metadata file,then the metadata file in which Web Service policy is embedded is sentto the service consumer. In this manner, the service consumer obtainsservice policy while obtaining the metadata file, and he(she) canactivate the Web service in accordance with the service policy and themetadata.

If Web Service policy is attached to a service registration center (e.g.UDDI) entity, a service policy or metadata controller 210 can be a partof the service registration center (e.g. UDDI), whose function is toscreen Web Service policy. If Web Service policy is embedded in WSDL,XSD or DTD, service policy or metadata controller 210 can be a part ofWeb service supporting WS-Discovery.

FIG. 2 is a block diagram of an apparatus for WS-Policy based webservice controlling according to an embodiment of the present invention.First, the present invention is illustrated in detail in a situation inwhich the service consumer requests separate Service Policy Profile(SPP). In FIG. 2, service policy or metadata controller 210 contains aservice policy repository 211, a service policy or metadata agent 212,and a policy conditioner 213. Service policy or metadata controller 210can be a separate server, which receives a request for SPP from aservice consumer 220 and sends an SPP file to service consumer 220 via aprotocol, such as HTTP and FTP.

First, during the development and deployment of Web service, a serviceprovider 230 defines a set of plural service policies that are allowableto the Web service and service policy selection rules according toservice conditioning plan, and stores the set in service policyrepository 211. Service policy selection rules define one or moreconditions for selecting respective service policies, and when serviceconditioning information conforms to the one or more conditions,corresponding service policy is selected. Service policy selection rulescan be described in many forms, among which XML file is the most common.Further, other describing forms, like condition format, can also beused. The present invention is not limited to a specific describingform. For example, when service policy selection rules are useridentity, including common user and VIP user, and service policy usesSPP file, then for a service consumer which is a common user accordingto SLA, the following SPP1 is selected:

SPP1 ={       RM = false       TX = false       RT = 5 seconds       Sec= non      }

This means that for such kinds of service consumer, the service does notsupport reliable messaging and transaction features. The maximumresponse time is five seconds without security support.

For a service consumer which is a VIP user according to SLA, thefollowing SPP2 is selected:

SPP2 ={       RM = true       TX = AtomicTransaction       RT = 1 second      Sec = X509      }

This means that for such kind of service consumer, the service supportsreliable messaging and atomic transaction. The maximum response time isone second with X509-based security support.

Additionally, when service policy is described using SPP file, andservice policy selection rules are load threshold or period of time,then for Web service whose load does not exceed a threshold or which isin a certain idle period of time (e.g. 22:00-6:00), the following SPP3is applied:

SPP3 = { RT = 1 second }

This means that all service consumers get relatively quick response timein this case. On the contrary, for Web service whose load exceeds athreshold or which is in a certain busy period of time (e.g.9:00-21:00), the following SPP4 is applied:

SPP4 ={       RT = 5 seconds      }

This means that in this case, system resources are not enough toimplement relatively good service, and all service consumers getrelatively slow response time.

There are various policy selection rules. In additional to user identityselection rule, period of time selection rule, and load thresholdselection rule mentioned in the foregoing, those skilled in the art canfurther define other selection rule on demand, examples of which will bepresented below.

There can be many ways of storing service policy and service policyselection rules in service policy repository 211, which can be in theform of database, e.g. XML database, or the way of common database plusan explaining application, or the way of file matching. The presentinvention is not limited to a specific storage way.

Hereinafter, suppose service policy is described using SPP file for thepurpose of convenient description.

Service policy or metadata agent 212 receives a request for SPP fromservice consumer 220 that can request SPP to service policy or metadataagent 212 in its different phases. For example, service consumer 220 canrequest SPP to service policy or metadata agent 212 during development,deployment, and runtime.

In response to the request of service consumer 220, service policy ormetadata agent 212 further request conditioning information that caninfluence service policy to the information collector 240. There can bemany kinds of conditioning information that can influence servicepolicy, including transaction processing mode, security measure,language, and accessibilities of service consumer 220 and/or serviceprovider 230, such as identity, language, version, and region of theservice consumer and encrypting way, transaction processing mode, loadstate, response time, and period of time of the service provider. Itshould be understood that the present invention is not limited to theabove conditioning information, and those of ordinary skill in the artcan use any conditioning information of the service consumer or serviceprovider that can influence the service. Meanwhile, the conditioninginformation serves as a basis for service policy selection rules.

It should be understood that information collector 240 can request theconditioning information from the service consumer, the service provideror other monitoring server. Information collector 240 can be anyapplication, program module, or server that can obtain the aboveconditioning information. For example, information collector 240 can bean authentication server. During authentication, service policy ormetadata agent 212 can obtain an identifier of service consumer 220 fromthe authentication server. Or, information collector 240 can be a Webservice monitoring system, which monitors resource utilization status ofthe Web service provider and which provides information of the serviceprovider, such as encrypting way, transaction processing mode, loadstate, and service response time. Further, information collector 240 canalso be a system managing Service Level Agreement (SLA). It can provideany condition used for differentiating service in accordance with SLA.Techniques of acquiring conditioning information and how to monitor theWeb service provider are well known, and the present invention is notlimited to any specific way of monitoring Web service state andproviding which kind of state information of Web service.

It should be understood that to obtain conditioning information frominformation collector 240 is an optional way. When service consumer 220sends a request to service policy or metadata agent 212, service policyor metadata agent 212 can obtain much differentiated service informationof service consumer 220. For example, service policy or metadata agent212 can obtain service ID, WS-Addressing endpoint, message ID, language,version, IP address, region of service consumer 220 and other message.According to the above messages, service differentiation can be providedfor service consumer 220. At the same time, the conditioning informationserves as a basis for service policy selection rules.

Information collector 240 collects service conditioning information andsends the information to service policy or metadata agent 212.

Upon receipt of the service conditioning information, service policy ormetadata agent 212 sends to policy conditioner 213 ID of the requestedservice, ID of the service consumer, message ID, and the serviceconditioning information.

Policy conditioner 213 obtains corresponding policy selection rule andSPP from the policy repository, selects corresponding SPP for serviceconsumer 220 based on service conditioning information and policyselection rule, and sends the corresponding SPP to service policy ormetadata agent 212.

Policy conditioner 213 returns the selected SPP to service policy ormetadata agent 212 that returns the SPP to service consumer 220. In thismanner, service differentiation based on Web Service policy is realized.

Under service policy selection rules based on period of time and loadthreshold, if the load of service provider 230 does not exceed athreshold or is in a relatively idle period of time, policy conditioner213 selects SPP3 with relatively good quality of service, so that allservice consumers can select better quality of service. If the load ofservice provider 230 exceeds a threshold or is in a relatively busyperiod of time, policy conditioner 213 provides SPP4 with relatively badquality of service for the service consumer. All service consumers canonly use relatively bad quality of service, whereas the service providercan control the use of its resources.

It should be understood that to select corresponding SPP for the serviceconsumer based on service conditioning information and policy selectionrules is feasible to those of ordinary skill in the art. For example, itcan be set among policy selection rules to select a certain SPP1 when apiece of service conditioning information is within a threshold range.Once it is determined whether the current service conditioninginformation is in the range, it can be decided whether to use the SPP1.The logic determination can be implemented by various programmingmethods. Detailed description about it is omitted here.

Alternatively, upon receipt of corresponding SPP of the serviceconsumer, service policy or metadata agent 212 sends service consumer IDand the SPP to service provider 230 for preparation. Another possibilityis that when service is invoked, service provider 230 requests the SPPwhich is provided by service policy or metadata agent 212 for serviceconsumer 220. In response to the request, service policy or metadataagent 212 sends the SPP to the service provider.

Hereinafter, the embodiment as shown in FIG. 2 will be illustrated in asituation in which the service consumer requests metadata containingservice policy.

Service policy or metadata agent 212 receives a request for metadatacontaining service policy from service consumer 220. In response to therequest of service consumer 220, service policy or metadata agent 212further makes a request to information conditioner 240 for conditioninginformation that can influence service policy. Information collector 240collects service conditioning information and sends the information toservice policy or metadata agent 212. Upon receipt of the serviceconditioning information, service policy or metadata agent 212 sendsservice ID and the service conditioning information to policyconditioner 213. Policy conditioner 213 obtains corresponding policyselection rules and SPP from the policy repository, selects SPP forservice consumer 220 based on the service conditioning information andthe policy selection rules, and sends the SPP to service policy ormetadata agent 212. Upon receipt of the corresponding SPP, servicepolicy or metadata agent 212 embeds policy statements contained in theSPP into the subject of object metadata file and sends the metadata fileto service consumer 220. According to the metadata file, serviceconsumer 220 activates Web service with the rule specified in servicepolicy.

FIG. 3 is a flowchart of method for WS-Policy based web servicecontrolling according to an embodiment of the present invention. In stepS301, a request for service metadata containing service policy isreceived from a service consumer. If service policy or metadatacontroller 210 is a part of a service registration center (e.g. UDDI),the service consumer can request the metadata agent for metadata whichdescribes Web service and in which service policy is embedded duringdevelopment, deployment, or runtime; if service policy or metadatacontroller 210 is a part of a service provider providing service, theservice consumer can request the metadata agent for metadata whichdescribes Web service and in which service policy is embedded duringruntime only.

In step S302, responsive to the service consumer's request, the metadataagent makes a request to an information collector for serviceconditioning information. In step S303, the information collectorcollects service conditioning information associated with providing ofWeb service. The conditioning information can be requested by theinformation collector to the service consumer, the service provider, orother monitoring server. The information collector returns theconditioning information to the metadata agent. In step S304, themetadata agent sends a request containing the service conditioninginformation to a service conditioner to request corresponding SPP.

In step S305, a service conditioner obtains corresponding policyselection rule and SPP from a policy repository, selects SPP for theservice consumer based on the service conditioning information and thepolicy selection rule, and sends the SPP to the metadata agent. Toselect SPP can be implemented by matching the conditioning informationwith the selection rule.

In step S306, the metadata agent aggregates the SPP with the servicemetadata which the service consumer has requested, and sends the servicemetadata back to the service consumer.

In step S307, the service consumer parses the capabilities andrequirements of service described in the metadata, then invokes theservice in the way defined by the policy statements, so that servicedifferentiation based on service policy is realized.

Further, in step S306, the metadata agent can also sends ID of theservice consumer and corresponding SPP to the service provider forpreparation of service provisioning. Or, when the service is invoked,the service provider makes a request to the metadata agent, and themetadata agent sends corresponding SPP to the service provider forpreparation of service provisioning.

According to the present invention, the policy controller only providesservice consumer with part of policies which conform to currentconditioning conditions from policies which the service providersupports. However, service policy statements contained in SPP are stillselectable. That is to say, SPP still can contain a plurality of policysubstitute options. Service consumer 220 at least supports one of policysubstitute options and requests Web service in accordance with thesupported policy.

Since the service provider sets conditions for disclosure of servicepolicy, only part of policies conforming to conditions are provided tothe service consumer and service policy is basically controlled by theservice provider. This changes the policy controlling mechanism in theprior art, that is, the service provider publishes all supported servicepolicies and the service consumer decides any one of service substituteoptions.

In the present invention, the service provider provides differentservice policies for different service consumers in accordance withdifferent conditions, so that service differentiation is realized.Compared with existing service differentiation, service differentiationof the present invention does not need to add additional information tothe header. The policy based web service controlling of the presentinvention is transparent to client end and can realize servicedifferentiation without the need for client end code support. Thepresent invention can work with existing application based on WS-Policywithout the need for changing client side application, so that thedevelopment of client end becomes simple.

Further, service differentiation in the prior art is implemented basedon the binding and collaboration of client and server. The presentinvention decouples the service differentiation mechanism from theservice provisioning and service invocation mechanism, so that it ismore flexible to deploy a new service differentiation mechanism.

Further, service differentiation in the prior art only takes such as QoSof performance, into consideration and does not involve other aspects ofnonfunctional requirements, such as transaction, security, language,specification version, and accessibilities. In the present invention,the service provider controls service policy in accordance with allkinds of service conditioning information, so that it can provide policysupport based on other nonfunctional conditions besides servicefunctions.

Further, the service provider can control the utilization of resourcesby dynamically controlling the disclosure of service policy, to preventunbalance of the resources utilization ratio due to blind selection ofservice substitute options by service consumers.

The present invention has been described in conjunction with theembodiments that are merely illustrative and not limiting. Those ofordinary skill in the art can make various changes or modifications onthis basis. For example, the above policy agent accesses the informationcollector to obtain conditioning information and then sends theconditioning information to the policy conditioner. Another possible wayis that the policy conditioner accesses the information collector toobtain conditioning information.

The disclosed method of the present invention can be implemented insoftware, hardware or a combination of software and hardware. Thehardware part can be implemented using a dedicated logic, and thesoftware part can be stored in a memory and executed by a properinstruction executing system, such as a microprocessor, a personalcomputer (PC) or a large computer.

While the present invention has been described with reference to whatare presently considered to be the preferred embodiments, it is to beunderstood that the invention is not limited to the disclosedembodiments. On the contrary, the invention is intended to cover variousmodifications and equivalent arrangements included within the spirit andscope of the appended claims. The scope of the following claims is to beaccorded the broadcast interpretation so as to encompass all suchmodifications and equivalent structures and functions.

1. An apparatus for WS-Policy based web service controlling, comprising:a service policy repository for storing a plurality of Web Servicepolicies; a service policy agent for receiving a request for a WebService policy from a service consumer, and for obtaining conditioninginformation that influences the Web Service policy; and a service policyconditioner for selecting corresponding Web Service policy from theservice policy repository in accordance with the conditioninginformation; wherein the service policy agent sends the Web Servicepolicy to the service consumer.
 2. The apparatus in accordance withclaim 1, wherein the service policy agent further obtains theconditioning information from an information collector.
 3. The apparatusin accordance with claim 1, wherein the conditioning informationincludes one or more selected from a group consisting of the followinginformation: transaction processing mode, security measure, language,accessibilities, information on period of time, ID, version, and regionof a service consumer, load state, and response time of a serviceprovider.
 4. The apparatus in accordance with claim 1, wherein: theservice policy agent also receives a request for a service metadataincluding policy from the service consumer; and the service policy agentembeds the Web Service policy in the metadata and sends the metadatawhich the Web Service policy is embedded in to the service consumer. 5.The apparatus in accordance with claim 1, wherein the service policyagent further sends the selected policy to a service provider.
 6. Theapparatus in accordance with claim 1, wherein the service policy agentfurther receives a request of a service provider and sends the selectedpolicy to the service provider.
 7. The apparatus in accordance withclaim 1, wherein the Web Service policy is a standalone policy file. 8.The apparatus in accordance with claim 3, wherein the Web Service policyis a policy statement embedded in a WSDL or XML file or is a policy fileattached to a service registration center entity.
 9. A Web Serviceprovider, comprising an apparatus for WS-Policy based web servicecontrolling, said apparatus comprising: a service policy repository forstoring a plurality of Web Service policies; a service policy agent forreceiving a request for a Web Service policy from a service consumer,and for obtaining conditioning information that influences the WebService policy; and a service policy conditioner for selectingcorresponding Web Service policy from the service policy repository inaccordance with the conditioning information; wherein the service policyagent sends the Web Service policy to the service consumer.
 10. Aservice registration center, comprising an apparatus for WS-Policy basedweb service controlling, said apparatus comprising: a service policyrepository for storing a plurality of Web Service policies; a servicepolicy agent for receiving a request for a Web Service policy from aservice consumer, and for obtaining conditioning information thatinfluences the Web Service policy; and a service policy conditioner forselecting corresponding Web Service policy from the service policyrepository in accordance with the conditioning information; wherein theservice policy agent sends the Web Service policy to the serviceconsumer.
 11. The service registration center in accordance with claim10, wherein the Web Service policy is a policy file attached to aservice registration center entity.
 12. A computer executed method forWS-Policy based web service controlling, comprising the steps of: a)receiving a request for a Web Service policy from a service consumer; b)in response to the request, obtaining conditioning information thatinfluences the service; c) selecting a Web Service policy correspondingto the conditioning information from a service policy repository; and d)sending the Web Service policy to the service consumer.
 13. The methodin accordance with claim 12, wherein the step b further comprisesobtaining the conditioning information from an information collector.14. The method in accordance with claim 12, wherein the conditioninginformation includes one or more selected from a group consisting of thefollowing information: transaction processing mode, security measure,language, accessibilities, information on period of time, ID, version,and region of a service consumer, load state, and response time of aservice provider.
 15. The method in accordance with claim 12, wherein:step a) further comprises requesting a service metadata including policyby the service consumer; step c) further comprises embedding the WebService policy in the metadata; and step d) further comprises sendingthe metadata which the Web Service policy is embedded in to the serviceconsumer.
 16. The method in accordance with claim 12, furthercomprising: sending the selected policy to a service provider.
 17. Themethod in accordance with claim 12, further comprising: responsive to arequest of a service provider, sending the selected policy to theservice provider.
 18. The method in accordance with claim 12, whereinthe Web Service policy is a standalone policy file.
 19. The method inaccordance with claim 12, wherein the Web Service policy is a policystatement embedded in a WSDL or XML file or is a policy file attached toa service registration center entity.
 20. The method in accordance withclaim 12, further comprising: e) the service consumer requesting a Webservice in accordance with at least part of the service policy.